A project dedicated to showcase a case scenario to highlight threat modeling strategies
rafa8626/threat-modeling

Threat Modelling Workshop Summary

Introduction

A 3-hour threat modelling workshop was held to work through the runbook scenario of multiple AI attacks against the web-facing healthcare application Solaris Care Connect 360.

Attendees

The Care Connect engineering team, product managers, DevEx engineers and the DevSecOps team.

Scope

Four scenarios were run, covering: (1) an AI-generated external phishing email utilising admin credentials, (2) an attack against machine processes and the data lake, (3) a SQL injection attack, and (4) an insider attack taking Quant algorithms.

Methodology

All scenarios were run against the cyber attack kill chain, utilising the MITRE ATT&CK framework and STRIDE for control gap assessments, culminating in a set of identified risks.

Conclusion

A total of 4 high risks and 1 medium risk were found during the threat modelling workshop.

Controls Required

  • Regular security audits using ASVS, specifically targeting the Solaris Health 360 application, to detect vulnerabilities and weaknesses in its security measures.
  • Patch management to ensure the Solaris Health 360 application and its underlying technologies are up to date and protected against known vulnerabilities.
  • Comprehensive employee training on phishing awareness to educate users of the Solaris Health 360 application about the risks of phishing attacks and how to identify and report suspicious emails.
  • Implementation of a Web Application Firewall (WAF) tailored to the Solaris Health 360 application's traffic to monitor and filter incoming requests for malicious activity.
  • Deployment of Multi-factor Authentication (MFA) to strengthen authentication and prevent unauthorised access to the Solaris Health 360 application.
  • Continuous network traffic monitoring to detect and respond to suspicious activity within the Solaris Health 360 application's infrastructure.
  • Implementation of Role-based Access Control (RBAC) within the Solaris Health 360 application to limit access to sensitive health data and functionality based on user roles and permissions.

Threat Modelling Process Summary

```mermaid
mindmap
  root((Attack Begins))
    STRIDE/MITRE ATT&CK/Kill Chain
      Conduct Inherent Risk Assessment
      ::icon(fa fa-book)
      Create Critical Asset List
        Schedule and Scope Threat Modelling Workshop
    Controls Required
      Risks<br/>Mitigations
      Risk Summary
        Remediation workflow
            Slack
            JIRA
    Attack Scenarios
      Attack 1
      Attack 2
      Attack 3
      Attack 4
```
